62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90

Analysis

max time kernel
125s
max time network
133s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe
Size

49KB
MD5

6ee87004618d9cbe46a1eea2ecff7597
SHA1

7fdc694af74aa4c256d44769d4c6a3fcc55988f0
SHA256

62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90
SHA512

a3d08b5d32d7101f1076e1c4c6b13d3e57bfa61e8b384f328b1820cfc977ebe9a7a3b9dc588f617b22154b5252c5361dc0cbaae7d5f436c4710b6718ffaf52f8
SSDEEP

768:Q8eRHO9lFh0ul16sh7iQroCH/f+RjFBSuB2XVZi:Q9lOZ16sh7iQroCuRB0uyi

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	bkgrnd.exe

Loads dropped DLL 1 IoCs

pid	Process
2876	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bkgrnd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2804	2876	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe	30
PID 2876 wrote to memory of 2804	2876	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe	30
PID 2876 wrote to memory of 2804	2876	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe	30
PID 2876 wrote to memory of 2804	2876	62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe	30

C:\Users\Admin\AppData\Local\Temp\62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe
"C:\Users\Admin\AppData\Local\Temp\62d9b40e52eccd2f29b88923fcb92165bc98d9c81e602c405a7febf0e72fec90.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
  "C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bkgrnd.exe

Filesize
50KB

MD5
850ecea9fc76b4cbc55c2ae6df2c6897

SHA1
7e4aaa1cd4ce424ff7674ba9443012c4c3b0b061

SHA256
5ab644c50fcc139f6d955e78f4d8dc0338a7d8e02e99c846f6370f50bea5c53a

SHA512
97a332424995837d8d24a91e83266c0e68aa1d7f7d5f6fec87a477aa091c93e3990ac01b060caa97b45b26033b6f49522f8c7159341adfd2242b94cb53adc42b

Download Submit
memory/2804-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2804-35-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2876-2-0x0000000004000000-0x0000000004006000-memory.dmp

Filesize
24KB

Download
memory/2876-1-0x0000000004000000-0x0000000004006000-memory.dmp

Filesize
24KB

Download
memory/2876-7-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2876-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download